David Klein is a PhD Candidate since October 2018. His research interests include static and dynamic analysis, program transformations, web security and privacy.
General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications David Klein, Benny Rolle, Thomas Barber, Manuel Karl, Martin Johns To appear at the 30th ACM Conference on Computer and Communications Security (CCS), 2023 [BIB]
Accept All Exploits: Exploring the Security Impact of Cookie Banners David Klein*, Marius Musch*, Thomas Barber, Moritz Kopmann, and Martin Johns Proc. of the 37th Annual Computer Security Applications Conference (ACSAC), 2022 [BIB]
LogPicker: Strengthening Certificate Transparency Against Covert Adversaries Alexandra Dirksen, David Klein, Robert Michael, Tilman Stehr, Konrad Rieck and Martin Johns. Proceedings on Privacy Enhancing Technologies (PETS'21) [BIB]
Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis Souphiane Bensalim, David Klein, Thomas Barber, Martin Johns Proceedings of the 14th European Workshop on Systems Security (EuroSec '21) [BIB]
Adversarial Preprocessing: Understanding and Preventing Image-Scaling Attacks in Machine Learning Erwin Quiring, David Klein, Daniel Arp, Martin Johns and Konrad Rieck Proc. of the 29th USENIX Security Symposium, August 2020 [BIB]
Deploying Contextual Computing in a Campus Setting Fabio Aversente, David Klein, Schekeb Sultani, Dmitri Vronski, and Jörg Schäfer Eleventh International Network Conference (INC), 2016
Implementing Situation Awareness for Car-to-X Applications using Domain Specific Languages Jörg Schäfer, and David Klein Proceedings of the 77th IEEE Vehicular Technology Conference (VTC), 2013
Exploring Synergies Between Privacy and Security Enhancing Technologies [Slides] German OWASP Day '23, 30.-31.5.2023, Frankfurt am Main, Germany
I enjoy breaking stuff and helping people fix vulnerabilities.
CVE-2022-36020: Typo3 HTML Sanitizer is vulnerable to XSS payloads enclosed in particular HTML comment combinations.
CVE-2022-23499: Typo3 HTML Sanitizer can be bypassed by embedding the payload in CDATA or by mutating our of RAWTEXT elements.
CVE-2023-23627: Ruby sanitize can be bypasses due to parsing differentials related to the noscript tag.
CVE-2023-38500: Typo3 HTML Sanitizer does not parse noscript tags as a browser does, opening the door for bypasses.
Vacancies of TU Braunschweig Career Service' Job Exchange Merchandising
Term Dates Courses Degree Programmes Information for Freshman TUCard
Glossary (GER-EN) Change your Personal Data
Technische Universität Braunschweig Universitätsplatz 2 38106 Braunschweig
P. O. Box: 38092 Braunschweig GERMANY
Phone: +49 (0) 531 391-0
TU Braunschweig uses the software Matomo for anonymised web analysis. The data serve to optimise the web offer.You can find more information in our data protection declaration.